One Article Review
| Source |  Errata Security |
|---|---|
| Identifiant | 1581430 |
| Date de publication | 2020-03-04 15:05:04 (vue: 2020-03-04 21:00:09) |
| Titre | A requirements spec for voting |
| Texte | In software development, we start with a "requirements specification" defining what the software is supposed to do. Voting machine security is often in the news, with suspicion the Russians are trying to subvert our elections. Would blockchain or mobile phone voting work? I don't know. These things have tradeoffs that may or may not work, depending upon what the requirements are. I haven't seen the requirements written down anywhere. So I thought I'd write some.One requirement is that the results of an election must seem legitimate. That's why responsible candidates have a "concession speech" when they lose. When John McCain lost the election to Barack Obama, he started his speech with:"My friends, we have come to the end of a long journey. The American people have spoken, and they have spoken clearly. A little while ago, I had the honor of calling Sen. Barack Obama - to congratulate him on being elected the next president of the country that we both love."This was important. Many of his supporters were pointing out irregularities in various states, wanting to continue the fight. But there are always irregularities, or things that look like irregularities. In every election, if a candidate really wanted to, they could drag out an election indefinitely investigating these irregularities. Responsible candidates therefore concede with such speeches, telling their supporters to stop fighting.It's one of the problematic things in our current election system. Even before his likely loss to Hillary, Trump was already stirring up his voters to continue to the fight after the election. He actually won that election, so the fight never occurred, but it was likely to occur. It's hard to imagine Trump ever conceding a fairly won election. I hate to single out Trump here (though he deserves criticism on this issue) because it seems these days both sides are convinced now that the other side is cheating.The goal of adversaries like Putin's Russia isn't necessarily to get favored candidates elected, but to delegitimize the candidates who do get elected. As long as the opponents of the winner believe they have been cheated, then Russia wins.Is the actual requirement of election security that the elections are actually secure? Or is the requirement instead that they appear secure? After all, when two candidates have nearly 50% of the real vote, then it doesn't really matter which one has mathematical legitimacy. It matters more which has political legitimacy.Another requirement is that the rules be fixed ahead of time. This was the big problem in the Florida recounts in the 2000 Bush election. Votes had ambiguities, like hanging chad. The legislature come up with rules how to resolve the ambiguities, how to count the votes, after the votes had been cast. Naturally, the party in power who comes up with the rules will choose those that favor the party.The state of Georgia recently pass a law on election systems. Computer scientists in election security criticized the law because it didn't have their favorite approach, voter verifiable paper ballots. Instead, the ballot printed a bar code.But the bigger problem with the law is that it left open what happens if tampering is discovered. If an audit of the paper ballots finds discrepancies, what happens then? The answer is the legislature comes up with more rules. You don't need to secretly tamper with votes, you can instead do so publicly, so that everyone knows the vote was tampered with. This then throws the problem to the state legislature to decide the victor.Even the most perfectly secured voting system proposed by academics doesn't solve the problem. It'll detect voter tampering, but doesn't resolve when tampering is detected. What do you do with tampered votes? If you throw them out, it means one candidate wins. If you somehow fix them, it means the other candidate w |
| Envoyé | Oui |
| Condensat | 2000 able about above abysmally academics accept acceptable achieve actual actually adding adversaries after afterwards against ago ahead all allows already always ambiguities american among anonymity anonymous another answer answers any anywhere app appear approach apps are aren assemble audit away ballot ballots bar barack because been before being believe best better between big bigger biggest blockchain blogpost booths both bribed bribery broken bush but call calling can candidate candidates cannot care case cases cast certain chad chance cheated cheating child choose chooses clearly closer code coerce/bribe coerced coercion come comes common completely computer concede conceding concession confused confuses confusing congratulate conspiracy continue conversely convicted convinced could count counting/tabulating countries country course criticism criticized cryptographic current cybersecurity day days decide defining delegitimize democracies democracy depending describe deserves designed detect detected developer development development: devices devising didn directions discovered discrepancies disenfranchisement disenfranchising distorts doesn don done down drag dramatic dumb easy either elected election elections electronic eligibility eligible end entire even ever every everybody everyone exactly example excite excludes experiment explicitly extreme extremes failing fails fairly fake favor favored favorite felons fight fighting find finds fit fix fixed flawed flaws florida forbid friends from furniture georgia get getting goal goes good googling hackers hacking had hand hanging happens hard has hate have haven help here hillary him his holiday honor hoping horrible how idea ideas ikea imagine implementation important improve improvements include includes increasing indeed indefinitely instead investigating involved irregularities isn issue its jails john journey know knows large laughable law leads left legislature legitimacy legitimate less like likely list; listing lists little long look lose loss lost lot love low luring machine machines machines: major make makes many massive mathematical matter matters may mccain mean means measure mechanism meet mobile moderate mondays months more most move much must naive national naturally nearly necessarily necessary need needs never news next not now number obama obvious obviously occur occurred often one only open opponents other otherwise out over own paper part participation party pass people percentage perfect perfectly phone phones playing pointing political population position positions power preferable preferred prejudicial preserve president presidential prevent preventing printed problem problematic problems problems: process proclaim proposed protocol protocols public publicly purely purposes putin question questions random randomly rates read real really reasons recently recounts registering registration removing requirement requirements rerun resolve responsible results reveal risk risks rolls roughly rule rules run russia russian russians same scientists screaming secretly secure secured security seem seems seen selection sen side sides simple single skip software solution solutions solve solving some somehow sounds spec specification speech speeches spoken start started state states stirring stop strange strategy struggle struggled stupid subvert such supporters supposed sure surface suspected suspicion swing system systems tamper tampered tampering telling than that them then theory therefore these things third those though thought three throw throws time times toward toy tradeoffs transparent trump try trying turnout two types united unsuccessful upon usability usable using vacation various verifiable versus very viable victor vote voted voter voters votes voting want wanted wanting wars way ways wednesdays what whatever when which who why will willing win winner wins with: within won words work would write written years your |
| Tags | Guideline |
| Stories | |
| Notes | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.